[Bro] Bro Log ingestion

Stephen Reese rsreese at gmail.com
Tue Sep 16 19:28:21 PDT 2014


On Tue, Sep 16, 2014 at 9:54 PM, Jonathon Wright <jonathon.s.wright at gmail.com> wrote:
>
> Research
> Looking around and doing some reading, I've found two possible solutions,
> ELSA and LOGSTASH, although I don't know them very well and/or what their
> capabilities are either. But I'd like to know if they are viable,
> especially given my scenario, or if there is something better. Also, a
> how-to so I can set it up.
>

You might want to skip on the Logstash piece and push the data directly to
ElasticSearch per [1] unless you have a specific requirement. From there
you could use Kibana [2] or whatever to interface with data stored in
ElasticSearch.

[1] https://www.bro.org/sphinx/frameworks/logging-elasticsearch.html
[2] http://www.elasticsearch.org/overview/kibana/

